You receive a "The target principal name is incorrect" error message when you connect to a Web site that was published by using ISA Server 2000 Web publishing (328917)
The information in this article applies to:
- Microsoft Internet Security and Acceleration Server 2000
- Microsoft Internet Security and Acceleration Server 2000 SP1
This article was previously published under Q328917 SYMPTOMS When an external client connects to a Web site, the client may receive the following error message:
500 Internal Server Error - The target principal name is
incorrect. (-2146893022) This symptom occurs if the Web site was
published by using Web Publishing on a Microsoft Internet Security and Acceleration (ISA) Server 2000-based computer. Additionally, one of the following events may appear in
the ISA Server 2000-based computer event log: 07.09.2002 16:15:08 Microsoft Web
Proxy Error None 14200 N/A iis-secure ISA Server failed to establish an SSL connection with
iis-secure.domain.com. The target principal name is incorrect. 07.09.2002 16:15:08 Microsoft Web Proxy Error None 14200
N/A 10.10.10.10 ISA Server failed to establish an SSL connection with
iis-secure.domain.com. The target principal name is incorrect. This symptom occurs if the internal connection from the ISA Server 2000-based computer to the
published Web site is a Secure Sockets Layer (SSL) connection. Additionally, this symptom may occur when an external client
connects to the published site on an ISA Server 2000-based computer by using HTTP or HTTPS.
CAUSE This problem occurs if an item does not match the common name of the
Web server certificate that is mapped to the Web site. The item can be any one of the following items that ISA Server 2000 uses to connect
to the internal Web server that is running Microsoft Internet Information Services (IIS): - The fully qualified domain name (FQDN)
- The NetBIOS name
- The IP address
RESOLUTION To resolve this problem, check the common name of the Web server
certificate and change the Web Publishing Rule on ISA Server 2000 to match this name. To do this, follow these steps:
- Click Start, point to Programs, point to Microsoft ISA Server, click ISA Server Management, and then click Web Publishing.
- Right-click the Web publishing rule that you want, click Properties, and then click the Action tab.
- Make sure that the Send original host header to the published server instead of the original one check box is not selected.
Note If the Send original host header to the published server instead of the original one check box is selected,
you must make sure that the host header that the external client uses to connect to the published Web site matches the common name of the Web server certificate. - Under Redirect the request to this internal Web server, type the correct common name of the Web server certificate.
Note
Make
sure that the internal network can correctly resolve the common name of the Web server certificate.
Modification Type: | Major | Last Reviewed: | 10/26/2004 |
---|
Keywords: | kbprb KB328917 kbAudITPRO |
---|
|